package xyz.jcat.biz.admin.auth;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.method.MethodSecurityMetadataSource;
import org.springframework.security.access.vote.AbstractAccessDecisionManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
import xyz.jcat.web.security.annotation.AuthAnnotationMethodSecurityMetadataSource;

import java.util.List;

@EnableGlobalMethodSecurity
public class GlobalMethodSecurityConfig extends GlobalMethodSecurityConfiguration {

    @Autowired
    private AuthAnnotationAccessDecisionVoter authAnnotationAccessDecisionVoter;
    @Override
    protected AccessDecisionManager accessDecisionManager() {
        AbstractAccessDecisionManager accessDecisionManager =
                (AbstractAccessDecisionManager)super.accessDecisionManager();
        List<AccessDecisionVoter<?>> decisionVoters = accessDecisionManager.getDecisionVoters();
        decisionVoters.add(authAnnotationAccessDecisionVoter);
        return accessDecisionManager;
    }

    @Override
    protected MethodSecurityMetadataSource customMethodSecurityMetadataSource() {
        return new AuthAnnotationMethodSecurityMetadataSource();
    }
}